From 60b1643a52276a35a3067b54f0d4d3fe8838cf6c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=94=D0=BC=D0=B8=D1=82=D1=80=D0=B8=D0=B9?=
 <lendry@MacBook-Pro-Dmitrij.local>
Date: Sat, 11 Apr 2026 22:48:32 +0300
Subject: [PATCH] add admin rbac methods

---
 package.json                    |  2 +-
 proto/admin/admin-account.proto | 89 +++++++++++++++++++++++++++++++++
 2 files changed, 90 insertions(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 5b01773..906058e 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@lendry-erp/contracts",
-  "version": "1.2.18",
+  "version": "1.2.19",
   "description": "Protobuf definitions and generated TypeScript types",
   "type": "commonjs",
   "main": "./dist/index.js",
diff --git a/proto/admin/admin-account.proto b/proto/admin/admin-account.proto
index e64a548..8cdd10e 100644
--- a/proto/admin/admin-account.proto
+++ b/proto/admin/admin-account.proto
@@ -26,6 +26,16 @@ service AdminService {
 
   // Синхронизация с поисковым движком (Elasticsearch)
   rpc SyncUsersToSearch (SyncUsersToSearchRequest) returns (SyncUsersToSearchResponse);
+
+
+  // RBAC
+  rpc GetAllPermissions (GetAllPermissionsAdminRequest) returns (GetAllPermissionsAdminResponse);
+  rpc GetAllRoles(GetAllRolesAdminRequest) returns (GetAllRolesAdminResponse);
+  rpc CreateRole(CreateRoleAdminRequest) returns (ModifyRoleAdminResponse);
+  rpc UpdateRole(UpdateRoleAdminRequest) returns (ModifyRoleAdminResponse);
+  rpc DeleteRole(DeleteRoleAdminRequest) returns (DeleteRoleAdminResponse);
+  rpc CreatePermission(CreatePermissionAdminRequest) returns (ModifyPermissionAdminResponse);
+  rpc UpdatePermission(UpdatePermissionAdminRequest) returns (ModifyPermissionAdminResponse);
 }
 
 // --- DTO для управления учетными записями ---
@@ -156,4 +166,83 @@ message SyncUsersToSearchRequest {
 message SyncUsersToSearchResponse {
   bool success = 1;
   string message = 2;
+}
+
+message GetAllPermissionsAdminRequest {
+    string user_id = 1;
+    string session_id = 2;
+}
+
+message PermissionAdmin {
+    string id = 1;
+    string code = 2;
+    string description = 3;
+    string module = 4;
+    repeated string roles = 5;
+}
+
+message GetAllPermissionsAdminResponse {
+    repeated PermissionAdmin permissions = 1;
+}
+
+message GetAllRolesAdminRequest {
+    string user_id = 1;
+    string session_id = 2;
+}
+
+message RolesAdmin {
+    string id = 1;
+    string name = 2;
+    int32 level = 3;
+    repeated string permissions = 4;
+    repeated string ldap_mapping = 5;
+    repeated string accounts = 6;
+}
+
+message GetAllRolesAdminResponse {
+    repeated RolesAdmin roles = 1;
+}
+
+message CreateRoleAdminRequest {
+    string name = 1;
+    int32 level = 2;
+    repeated string permission_codes = 3;
+}
+
+message UpdateRoleAdminRequest {
+    string id = 1;
+    optional string name = 2;
+    optional int32 level = 3;
+    repeated string permission_codes = 4;
+}
+
+message ModifyRoleAdminResponse {
+    bool success = 1;
+    string message = 2;
+}
+
+message DeleteRoleAdminRequest {
+    string id = 1;
+}
+
+message DeleteRoleAdminResponse {
+    bool success = 1;
+    string message = 2;
+    optional string fallback_role_name = 3;
+}
+
+message CreatePermissionAdminRequest {
+    string code = 1;
+    string description = 2;
+    string module = 3;
+}
+
+message UpdatePermissionAdminRequest {
+    string id = 1;
+    repeated string role_ids = 2; 
+}
+
+message ModifyPermissionAdminResponse {
+    bool success = 1;
+    string message = 2;
 }
\ No newline at end of file